Category: Cybersecurity

Dangerous Android attack keywords target cryptocurrency wallets.
Cybersecurity

Dangerous Android Attack: Hackers Target 12 Vulnerable Keywords to Compromise Your Security!

  • A new Android hacking campaign targets the 12-word recovery passphrase (the mnemonic "keywords") linked to cryptocurrency wallets.
  • The SpyAgent malware disguises itself as one of over 280 fake apps, employing distraction techniques to hide its malicious activities.
  • Victims may unknowingly download Android Package Kit files that request access to SMS messages, contacts, and stored images.
  • Hackers aim to extract mnemonic keys from users’ photos, potentially compromising their cryptocurrency assets.
  • Users are advised to remain vigilant against phishing threats, install apps only from official stores, and utilize Google Play Protect for security.
Summarized Article:

https://www.forbes.com/sites/daveywinder/2024/09/07/new-and-dangerous-android-attack-12-words-are-targeted-by-hackers/

Android apps steal cryptocurrency credentials
Cybersecurity

“Android Apps Steal Cryptocurrency: 280 Malicious Apps Using OCR to Snatch Your Credentials!”

  • Researchers have identified 280 Android apps that use OCR to steal cryptocurrency credentials, posing as legitimate applications from banks and services.
  • These malicious apps scan infected devices for sensitive information, including text messages and images, sending the data to remote servers controlled by the developers.
  • The malware campaign primarily targets users in South Korea but is expanding into the UK, indicating a broader operational strategy by the attackers.
  • The apps have undergone multiple updates to enhance their obfuscation techniques, making detection more challenging for security software.
  • Users concerned about potential infections are advised to refer to McAfee’s resources for lists of associated websites and cryptographic hashes.
Summarized Article:

https://arstechnica.com/security/2024/09/found-280-android-apps-that-use-ocr-to-steal-cryptocurrency-credentials/

Concord goes offline error: Sony's shooter fails.
Cybersecurity

“Concord Goes Offline: Error Message Leaves Users in the Dark!”

  • Concord goes offline error message marks the abrupt end of Sony’s 5v5 hero shooter just two weeks after its PS5 and PC launch.
  • The game, developed by Firewalk Studios, struggled with low player numbers and only around 25,000 copies sold.
  • Sony’s decision to take Concord offline surprised many, with Firewalk admitting the initial launch did not succeed.
  • Despite the shutdown, the game’s community team expressed gratitude to players and announced that the Discord server would remain active.
  • Future possibilities for Concord’s return are uncertain, but it will still appear in Amazon’s upcoming animated video game anthology series, Secret Level.
Summarized Article:

https://www.eurogamer.net/concord-unceremoniously-goes-offline-with-an-anticlimactic-error-message

Big Tech listening devices raise privacy concerns
Cybersecurity

Big Tech Listening Devices: New Evidence Suggests Google, Microsoft, Meta, and Amazon May Be Eavesdropping on You!

  • New evidence suggests that Big Tech listening devices, including those from Google, Microsoft, Meta, and Amazon, may be used to eavesdrop on users for targeted advertising.
  • Cox Media Group (CMG) has proposed an “Active Listening” service that leverages smart devices to gather voice data for hyper-targeted marketing strategies.
  • The pitch claims that it is legal for companies to collect this data, raising ethical concerns about privacy and user consent.
  • All four Big Tech companies have denied any involvement with CMG’s Active Listening program and reiterated their policies against using microphones for ad targeting.
  • Despite these denials, consumer privacy concerns regarding the potential misuse of smart home devices are expected to persist.
Summarized Article:

https://mashable.com/article/cox-media-group-active-listening-google-microsoft-amazon-meta

Phone listens to conversations
Cybersecurity

“Phone Listens to Conversations: Experts Uncover Sneaky Techniques That Eavesdrop on You!”

  • Phones listen to conversations through “Active-Listening” software, allowing companies to eavesdrop and sell the data to advertisers, confirming long-held suspicions.
  • A recent leak from marketing firm CMG outlines how their software captures voice data from devices, which can be accessed via apps that users unknowingly permit.
  • The lack of protective legislation enables this practice, as users consent to microphone access without understanding the implications, creating a multi-billion dollar data broker industry.
  • Voice data collected can be sold to various entities, including advertisers, insurance companies, and even government agencies, posing significant privacy risks.
  • To protect themselves, users are advised to manage app permissions, delete unused apps, and remain vigilant about the privacy risks associated with their devices.
Summarized Article:

https://www.dailymail.co.uk/sciencetech/article-13809281/Experts-reveal-sneaky-way-phone-listens-conversations-stop-it.html

Facebook
Cybersecurity

Facebook Google Listening In: Are They Eavesdropping on Your Conversations?

  • Facebook and Google are listening in on your conversations, according to a leaked pitch deck from Cox Media Group, which details its Active-Listening software that analyzes voice data for targeted ads.
  • The software purportedly collects real-time intent data by eavesdropping through microphones on devices like smartphones and home assistants.
  • Advertisers can use this voice data alongside behavioral data to target consumers actively considering purchases, creating a link between conversations and ad visibility.
  • Despite claims from tech giants denying they listen to conversations, the leak supports long-held suspicions among users regarding targeted advertising based on spoken words.
  • CMG asserts that Active Listening is legal, often buried in lengthy terms of service agreements, raising concerns about privacy and consent in states with strict wiretapping laws.
Summarized Article:

https://www.dailymail.co.uk/sciencetech/article-13805393/Facebook-partner-brags-listening-phones-microphone-serve-ads.html

Voldemort malware Google Sheets exploits tax agency impersonation.
Cybersecurity

Voldemort Malware Strikes: Google Sheets Users Beware of Tax Agency Impersonation!

  • The Voldemort malware campaign abuses Google Sheets and impersonates tax agencies, using multiple attack vectors across various regions.
  • It features a C-based backdoor that enables data exfiltration, file management, and the introduction of new payloads.
  • The malware uses Google Sheets as its command-and-control (C2) server, communicating through Google’s API to evade detection by security tools.
  • Attackers distribute the malware through phishing emails that impersonate tax authorities, leading victims to malicious links disguised as legitimate documents.
  • While Windows users are at risk, Linux and macOS users remain unaffected; recommended security measures include restricting access to external file-sharing services and monitoring for suspicious activity.
Summarized Article:

https://www.androidheadlines.com/2024/08/voldemort-malware-targeting-google-sheets-and-impersonating-tax-agencies.html

Cybersecurity

North Korean Hackers Pull Off Daring Crypto Theft Using Chrome Zero-Day Exploit!

  • North Korean hackers exploited a Chrome zero-day vulnerability to conduct crypto theft, targeting organizations to steal cryptocurrency.
  • The hacking group, identified as Citrine Sleet, began its activities on August 19, 2023, and is known for focusing on the cryptocurrency sector.
  • The hackers utilized a flaw in Chromium’s core engine and created fake websites to trick victims into downloading malicious applications.
  • Microsoft reported that the attackers installed a rootkit on compromised systems, gaining full control over the victims’ data.
  • The United Nations estimates that North Korean hackers have stolen $3 billion in cryptocurrency from 2017 to 2023 to fund their regime’s activities.
Summarized Article:

https://techcrunch.com/2024/08/30/north-korean-hackers-exploited-chrome-zero-day-to-steal-crypto/

North Korean hackers Chrome zero-day exploit targets cryptocurrency.
Cybersecurity

North Korean Hackers Unleash Chaos: Chrome Zero-Day Exploited to Deploy Stealthy Rootkit!

  • North Korean hackers exploit a Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit, gaining SYSTEM privileges via a Windows Kernel exploit.
  • Microsoft attributes the attacks to the threat group Citrine Sleet, which targets the cryptocurrency sector for financial gain.
  • The hackers use fake cryptocurrency trading platforms to lure victims, often employing malicious job applications and weaponized wallets.
  • Google recently patched the zero-day vulnerability, which allowed attackers to execute remote code in the Chromium renderer and escape the sandbox.
  • The FudModule rootkit has been linked to other North Korean hacking groups, highlighting ongoing threats to financial institutions and cryptocurrency organizations.
Summarized Article:

https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-chrome-zero-day-to-deploy-rootkit/

Powerful spyware watering hole attacks raise concerns.
Cybersecurity

Powerful Spyware Fuels a Surge of Deceptive Watering Hole Attacks

  • Powerful spyware watering hole attacks have been increasingly utilized by elite hacking groups, leveraging unpatched zero-day vulnerabilities to compromise devices.
  • Governments are primary customers for commercial spyware vendors like Intellexa and NSO Group, targeting opposition figures and activists.
  • Google’s Threat Analysis Group linked recent hacking campaigns by Russia’s APT29 Cozy Bear to exploits similar to those from Intellexa and NSO Group.
  • The attackers conducted watering hole attacks on Mongolian government websites, exploiting vulnerabilities in iOS and Android that had been previously patched.
  • The sophistication of these attacks suggests a well-resourced state-backed group, raising concerns about the proliferation of commercial spyware exploits to dangerous threat actors.
Summarized Article:

https://www.wired.com/story/russia-cozy-bear-watering-hole-attacks/

Protect home privacy: Google Maps blurring requests rise.
Cybersecurity

Protect Home Privacy: Discover How Google Maps Can Safeguard Your Sanctuary!

  • To protect home privacy, homeowners are increasingly requesting Google to blur images of their residences on Google Maps Street View.
  • Google Maps allows users to virtually explore neighborhoods, which can be beneficial for various legitimate purposes but also poses risks for privacy and security.
  • Emory Professor Ramnath Chellappa notes that while blurring images helps deter potential criminals, it does not eliminate all online visibility of the home.
  • The blurring process is straightforward and has been available for years, providing a measure of privacy for concerned homeowners.
  • Although blurring can reduce the clarity of images, other platforms like Zillow and Apple Maps may still display unblurred images and information about the property.
Summarized Article:

https://www.wsbtv.com/news/local/atlanta/interested-protecting-privacy-your-home-google-maps-may-be-answer/HJEQN5BH7VHRZHBP5UD2TQNBSE/

Blurring homes Google Maps deters burglars
Cybersecurity

Blurring Homes on Google Maps: Thieves Now Scouring Zillow and Redfin for Their Next Target, Police Warn!

  • Blurring homes on Google Maps is a strategy homeowners are using to deter burglars, according to Riverside police.
  • Thieves utilize websites like Zillow and Redfin, along with image searches, to gather information about potential targets.
  • Drones are also employed by criminals to scout neighborhoods and observe the interior of homes through windows.
  • As technology becomes more accessible, criminals are leveraging it to their advantage, increasing the need for homeowners to be vigilant.
  • Building relationships with neighbors is crucial, as vigilant neighbors can help identify suspicious activity and enhance community security.
Summarized Article:

https://abc7.com/post/blurring-homes-google-maps-thieves-search-websites-like-zillow-redfin-police-say/15223560/

Android malware payment card theft targets NFC users.
Cybersecurity

Android malware sparks payment card theft crisis with groundbreaking new technique!

  • Android malware payment card theft has been identified with the discovery of NGate, which uses an infected device’s NFC reader to steal payment card data and clone cards for unauthorized transactions.
  • The malware, named NGate, employs NFCGate, an open-source tool, to relay NFC data from the victim’s card to the attacker’s smartphone for emulation and ATM withdrawals.
  • NGate is typically installed through phishing tactics, where victims are tricked into downloading a fake banking app that requests sensitive information and NFC activation.
  • The campaign likely ended following the arrest of a suspect in Prague, who was involved in a similar scheme using NGate to withdraw money from ATMs.
  • Researchers indicate that NGate could also be adapted for other NFC-related attacks, such as cloning smart cards used for various applications, highlighting the versatility of this malware.
Summarized Article:

https://arstechnica.com/security/2024/08/android-malware-uses-nfc-to-read-payment-card-data-then-sends-it-to-attacker/

Chrome browser zero-day exploit prompts urgent updates.
Cybersecurity

Chrome Browser Zero-Day Exploit: Hackers Unleash New Attack on Users!

  • Chrome browser zero-day exploit has been identified, involving a “type confusion” vulnerability that hackers are actively exploiting.
  • The flaw, known as CVE-2024-7971, affects Chrome’s V8 JavaScript engine and can allow attackers to execute malicious code or crash the software.
  • Google released a patch within two days of being informed by Microsoft’s Threat Intelligence Center, addressing this critical vulnerability.
  • Users on Windows, Mac, and Linux can update their Chrome browser to version 128.0.6613.84/.85 to mitigate the risk and benefit from other bug fixes.
  • The exploit may be spread through phishing emails and malicious web pages, highlighting the importance of timely updates and cybersecurity awareness.
Summarized Article:

https://www.pcmag.com/news/patch-now-hackers-found-exploiting-zero-day-flaw-in-chrome-browser

Update Chrome zero-day exploit patched: CVE-2024-7971.
Cybersecurity

Update Chrome: Another Zero-Day Exploit Requires Your Immediate Attention!

  • Update Chrome now to patch another zero-day exploit, specifically CVE-2024-7971, which is actively being exploited.
  • This marks the ninth security vulnerability discovered and patched in Chrome this year.
  • The vulnerability stems from a “type confusion” error in Google’s JavaScript engine, identified by Microsoft’s Threat Intelligence Center.
  • The latest update includes seven high-priority patches and thirteen others of medium or low priority.
  • Ensure you are on version 128.0.6613.84 for Windows and Linux, or 128.0.6613.85 for Mac.
Summarized Article:

https://www.pcworld.com/article/2435418/time-to-update-chrome-again-to-patch-another-zero-day.html

Microsoft dual-boot patch issues cause widespread crashes.
Cybersecurity

Microsoft Dual-Boot Patch Issues Spark Investigation into System Breakdowns

  • Microsoft is investigating dual-boot patch issues after a recent update intended to fix a GRUB vulnerability began causing crashes on PCs running both Windows and Linux.
  • The security update for CVE-2022-2601, aimed at addressing a buffer overflow flaw, unexpectedly affected dual-boot systems and prevented Linux distributions from booting.
  • Users reported encountering error messages related to Secure Boot, prompting some to disable this feature as a workaround to regain access to their systems.
  • Microsoft acknowledged the issue and is collaborating with Linux partners to resolve the problems caused by the patch, particularly in outdated bootloader scenarios.
  • In related news, a three-year-old Microsoft Exchange Server vulnerability has been added to the CISA’s Known Exploited Vulnerabilities Catalog, highlighting ongoing security concerns with unpatched systems.
Summarized Article:

https://www.theregister.com/2024/08/21/microsoft_patch_dual_boot/

Microsoft patch Linux issues cause boot failures.
Cybersecurity

Microsoft Patch Sparks Chaos: Linux Users Face Unexpected Issues After Two-Year Preparation!

  • A recent Microsoft patch intended to fix a two-year-old GRUB vulnerability has caused boot failures for many Linux users.
  • The update caused dual-boot systems to be unable to load Linux when Secure Boot is enforced, resulting in error messages for affected users.
  • Multiple Linux distributions, including Debian and Ubuntu, are impacted, despite Microsoft’s initial assurances that dual-boot systems would remain unaffected.
  • Users have been left to find their own solutions, such as disabling Secure Boot or deleting the SBAT policy pushed by Microsoft.
  • Security experts note that while Secure Boot enhances Windows security, it presents vulnerabilities that can affect both Windows and Linux systems.
Summarized Article:

https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/

North Korea Windows 0-day exploit targets sensitive industries.
Cybersecurity

North Korea Windows 0-day exploit: Advanced Rootkit Unleashed in Sophisticated Cyber Attack!

  • North Korean hackers exploited a recently patched Windows zero-day vulnerability (CVE-2024-38193) to install an advanced rootkit.
  • The vulnerability, located in AFD.sys, allowed attackers to bypass security restrictions and gain system privileges, enabling them to execute untrusted code.
  • The hacking group Lazarus, linked to the North Korean government, was identified as the perpetrator of the attacks, targeting individuals in sensitive fields like cryptocurrency and aerospace.
  • The malware used in the attacks, FudModule, is a sophisticated rootkit that can hide its operations from both internal and external security measures.
  • Details about the extent of the attacks, including when they began and how many organizations were affected, remain undisclosed, with no indicators of compromise reported.
Summarized Article:

https://arstechnica.com/security/2024/08/windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit/

Google Play Store Bug Bounty program ends September 30.
Cybersecurity

Google Play Store Bug Bounty Program Bids Farewell: What It Means for Developers and Security Enthusiasts!

  • Google is sunsetting its Play Store Bug Bounty program, officially ending it on September 30 after a review period for reports submitted by August 31.
  • The program, launched in 2017, incentivized security researchers to identify and report vulnerabilities in Android apps, with rewards ranging from $500 to $20,000.
  • Google cites a decrease in actionable vulnerabilities reported as a reason for closing the program, attributing this to enhanced built-in security measures in Android.
  • The discontinuation raises concerns about potential security risks, especially for smaller developers who may lack their own bug detection systems.
  • Users are advised to be cautious when downloading apps from the Play Store, checking for red flags like poor grammar, excessive permissions, and ensuring apps are regularly updated.
Summarized Article:

https://lifehacker.com/tech/watch-out-for-a-rise-in-malicious-play-store-apps

Google Pixel Phone App removed over security vulnerability.
Cybersecurity

Google Pixel Phone App Yanked by Google Amid Urgent Security Concerns!

  • Google Pixel Phone App, specifically Showcase.apk, is being removed due to concerns about a major vulnerability that could be exploited if the app is activated.
  • The app, intended for in-store demonstrations, fetches data over unencrypted HTTP, which prompted security alarms from Palantir and iVerify over 90 days ago.
  • Google claims there’s no evidence of active exploitation, but the removal is a precautionary measure to protect corporate environments using Android devices.
  • The app is part of the firmware on Pixel phones and cannot be removed by users, but it is not present on the latest Pixel 9 series devices.
  • Other Android OEMs will also eliminate this demo capability from supported devices, while Google plans to release an update in the coming weeks to address the issue.
Summarized Article:

https://www.cnet.com/tech/mobile/google-pulls-built-in-pixel-phone-app-after-security-alarms-raised/

Google Pixel bloatware exploit poses serious security risk.
Cybersecurity

Google Pixel bloatware exploit: Researchers Reveal Shocking Vulnerabilities in Phones Since 2017!

  • Researchers have identified a Google Pixel bloatware exploit involving “Showcase.apk,” which has shipped with many Pixel devices since 2017, posing a security risk due to its deep system access.
  • The vulnerability allows potential remote code execution and package installation via an unencrypted web connection used by the software.
  • Showcase.apk cannot be uninstalled by users and, while not enabled by default, could be activated through various means.
  • Google has been informed of the issue and plans to release a software update to remove the exploit from all affected Pixel devices soon.
  • The latest Google Pixel 9 devices announced do not include the problematic Showcase software, indicating a step towards improved security.
Summarized Article:

https://www.engadget.com/mobile/smartphones/researchers-claim-most-google-pixel-phones-shipped-with-exploitable-bloatware-since-2017-185926564.html

Google Pixel security vulnerability exposes phones to surveillance.
Cybersecurity

Google Pixel Security Vulnerability Exposed: Major Flaw Found in Popular Phones!

  • Google Pixel security vulnerability affects phones sold since September 2017, allowing potential surveillance or remote control by malicious actors.
  • The issue was identified by iVerify after a flag was raised regarding an insecure Android device at Palantir Technologies.
  • A hidden software package, Showcase.apk, was found on Google Pixel devices, initially developed by Smith Micro Software for Verizon in-store demos.
  • The app could be manually enabled and, when active, posed risks for man-in-the-middle attacks, code injection, and spyware, potentially leading to significant data breaches.
  • Google confirmed the software is no longer in use and plans to remove it from all Pixel devices, although no immediate updates have been released to address the vulnerability.
Summarized Article:

https://www.theverge.com/2024/8/15/24221151/google-pixel-showcase-software-spyware-palantir-iverify

Cybersecurity

X Passkeys Support Android: A Game-Changer for Enhanced Security!

  • X is rolling out passkey support on Android for enhanced account security, following its earlier release for iOS users in April.
  • Passkey logins improve security by requiring physical access to the user’s device, making it more difficult for unauthorized access compared to traditional logins.
  • Unlike standard logins, passkeys utilize biometric authentication methods like Face ID or Touch ID, or a physical security key, eliminating reliance on vulnerable username and password combinations.
  • The introduction of passkeys on X addresses the needs of users who previously depended on SMS two-factor authentication, which was removed for free users last year.
  • To enable passkeys on X, users must navigate through the app settings, selecting “Security” and then “Additional password protection” to add a passkey.
Summarized Article:

https://techcrunch.com/2024/08/15/x-begins-rolling-out-support-for-passkeys-on-android/

Google Pixel unpatched flaw raises serious security concerns.
Cybersecurity

Google Pixel unpatched flaw leaves nearly all phones vulnerable due to hidden Android app!

  • Nearly all Google Pixel phones are left exposed by an unpatched flaw in a hidden Android app called “Showcase.apk,” which has existed since September 2017 and allows for potential device manipulation and takeover.
  • The vulnerability is linked to a system-level application developed for Verizon by Smith Micro, which has deep privileges including remote code execution and installation.
  • Researchers from iVerify disclosed the issue to Google in May, but as of now, no fix has been released, leading to concerns about the security of the Pixel ecosystem.
  • The flaw requires physical access to the device to exploit, but it raises significant security concerns, especially as other Android devices may also be affected.
  • The slow response from Google has prompted companies like Palantir to phase out Pixel and all Android devices due to eroded trust in the ecosystem.
Summarized Article:

https://www.wired.com/story/google-android-pixel-showcase-vulnerability/

Google Pixel spyware warning: Serious security vulnerability exposed.
Cybersecurity

Google Pixel Spyware Warning: App Deleted on Millions of Devices Amid ‘Dangerous’ Threat Alert!

  • Google Pixel spyware warning has been issued due to a serious security vulnerability in the pre-installed Showcase app, leaving millions of devices exposed to man-in-the-middle attacks and potential spyware injections.
  • The vulnerability was highlighted by iVerify, which noted that the app operates at the system level and can alter the phone’s operating system, creating a significant security risk.
  • Palantir’s CISO criticized Google for embedding third-party software without proper security reviews, asserting that this compromises the safety of users relying on the Android ecosystem.
  • Although there is currently no evidence of active exploitation, iVerify warns that users cannot protect themselves from this vulnerability as the app is part of the firmware and cannot be uninstalled.
  • Google plans to remove the Showcase app from all supported Pixel devices in an upcoming software update, while also notifying other Android manufacturers about the issue.
Summarized Article:

https://www.forbes.com/sites/zakdoffman/2024/08/15/new-pixel-warning-as-pixel-9-pixel-9-pro-pixel-9-pro-fold-release/

Google Pixel carrier app security vulnerability raises concerns.
Cybersecurity

Google Pixel carrier app security flaw prompts removal of ‘troubling’ app from phones!

  • Google Pixel carrier app security is compromised by the pre-loaded “Showcase” app, which has a significant security vulnerability allowing remote software installation and code execution.
  • The app, developed by Smith Micro for Verizon, has advanced system privileges and operates over an unencrypted HTTP connection, making it susceptible to hijacking.
  • Although the app is disabled by default and requires physical access to enable, its presence on nearly all Pixel devices raised concerns about potential exploitation.
  • Google plans to remove the “Showcase” app from Pixel devices in the coming weeks and has confirmed that it is no longer in use by Verizon or Google.
  • The slow response from Google to address the vulnerability has led to trust issues, prompting Palantir to phase out the use of Pixel devices within its operations.
Summarized Article:

https://9to5google.com/2024/08/15/google-pixel-showcase-app-security-vulnerability/

Windows TCP/IP RCE vulnerability exposes all systems.
Cybersecurity

Windows TCP/IP RCE vulnerability: A Silent Threat Exposes Every IPv6-Enabled System!

  • Windows TCP/IP RCE vulnerability (CVE-2024-38063) affects all Windows systems with IPv6 enabled, allowing remote code execution via specially crafted packets.
  • Microsoft’s August 2024 Patch Tuesday addresses 9 zero-day vulnerabilities, with a significant focus on the critical RCE flaw.
  • The vulnerability is caused by an integer underflow, which can lead to a buffer overflow and arbitrary code execution.
  • Experts warn that disabling IPv6 is a temporary mitigation, as it is essential for many Windows components and the vulnerability can be exploited before firewall processing.
  • Historical context shows multiple past IPv6 vulnerabilities, indicating a persistent risk for Windows systems that users should prioritize patching.
Summarized Article:

https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled/

High-end racing bike hacking exposes serious vulnerabilities.
Cybersecurity

High-End Racing Bike Hacking: A New Threat to Elite Cyclists!

  • High-end racing bike hacking exposes vulnerabilities in wireless gear-shifting systems, potentially threatening events like the Tour de France.
  • Researchers from UC San Diego and Northeastern University identified cybersecurity risks associated with Shimano Di2 technology, the leading wireless gear-shifting system.
  • The vulnerabilities allow attackers to manipulate gear shifts or jam operations, posing risks of crashes or injuries during races.
  • Attacks can be executed from up to 10 meters away using off-the-shelf devices, enabling targeted disruptions to individual bikes.
  • Shimano is collaborating with researchers to address these security issues and has begun implementing suggested countermeasures.
Summarized Article:

https://www.theverge.com/2024/8/14/24220390/bike-hack-wireless-gear-shifters

ChatGPT rogue voice impersonation raises serious concerns.
Cybersecurity

ChatGPT Rogue: Voice Impersonation Scandal Shocks Users as AI Mimics Without Consent!

  • ChatGPT rogue voice impersonation occurred when OpenAI’s GPT-4o model unexpectedly imitated users’ voices without their permission during testing.
  • The Advanced Voice Mode was designed to allow users to interact vocally with ChatGPT, but it raised concerns about unauthorized voice generation.
  • OpenAI acknowledged the potential risks, including increased fraud and misinformation due to the ability to impersonate voices and create human-sounding audio.
  • The risk of unintentional voice replication is considered minimal, as OpenAI has implemented safeguards to restrict voice generation to pre-approved voices.
  • AI researchers noted that while the model’s capabilities are impressive, they are also limited by these restrictions to prevent misuse.
Summarized Article:

https://futurism.com/the-byte/chatgpt-clone-voice-without-permission

AMD Ryzen EPYC vulnerability mitigation needed for millions.
Cybersecurity

AMD Ryzen EPYC vulnerability mitigation: Millions of Systems at Risk from “Sinkclose” Flaw, Solutions Already Deployed!

  • AMD Ryzen EPYC vulnerability mitigation is necessary due to the newly discovered “Sinkclose” vulnerability affecting millions of AMD CPUs worldwide, potentially allowing unauthorized code execution in sensitive System Management Mode.
  • The Sinkclose vulnerability has been present for over a decade and was recently disclosed at the Defcon hacker conference by security firm IOActive.
  • Hackers can exploit this vulnerability using undetectable bootkit malware, making it difficult to remove even after a system wipe.
  • AMD has acknowledged the issue, providing a security bulletin and firmware patches for affected processors, including Ryzen 3000 and newer, along with 1st Gen EPYC and above.
  • While mitigation is available for most Ryzen and EPYC CPUs, users may need to perform complex hardware-based updates, and an upcoming BIOS update is expected to address the remaining vulnerabilities for consumers.
Summarized Article:

https://wccftech.com/millions-systems-amd-ryzen-epyc-cpus-affected-sinkclose-vulnerability-mitigations-rolled-out/

AMD chips malware exploit exposes critical firmware vulnerability.
Cybersecurity

AMD Chips Malware Exploit: A Hidden Flaw Allows Persistent Malware to Survive OS Reinstalls!

  • AMD chips malware exploit has been identified due to a vulnerability in the System Management Mode of AMD processors, allowing malware installation that survives OS reinstalls.
  • The “Sinkclose” vulnerability grants attackers high system privileges, enabling them to embed malware in firmware, making it difficult to detect or remove.
  • AMD has started releasing patches for affected Ryzen and EPYC processors, but the flaw has a “high” severity rating and is not easy to exploit without kernel-level access.
  • Researchers warn that while exploiting Sinkclose requires existing privileges, the potential for elite hackers to misuse it poses a significant threat.
  • IOActive plans to discuss the vulnerability further at the DEF CON security conference, withholding proof-of-concept code temporarily to allow AMD time to address the issue.
Summarized Article:

https://me.pcmag.com/en/processors/25238/flaw-in-amd-chips-can-be-exploited-to-plant-malware-that-survives-os-reinstalls

AMD SinkClose flaw enables undetectable malware installation.
Cybersecurity

AMD SinkClose flaw sparks stealthy malware installation threat!

  • The AMD SinkClose flaw allows malware installation with nearly undetectable capabilities by enabling attackers to escalate privileges from Kernel-level (Ring 0) to Ring -2.
  • This high-severity vulnerability, tracked as CVE-2023-31315, affects multiple generations of AMD processors, including EPYC, Ryzen, and Threadripper.
  • Discovered by IOActive researchers, the flaw has remained undetected for nearly 20 years and can disable security features to facilitate persistent malware.
  • Detection of malware installed via SinkClose requires physical access to the CPU and specialized tools, as it operates outside the visibility of the operating system.
  • Although AMD has released mitigations for affected CPUs, the potential for exploitation remains a significant concern, especially from sophisticated threat actors and ransomware gangs.
Summarized Article:

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

Hackers Exploit Microsoft Copilot
Cybersecurity

Hackers Exploit Microsoft Copilot: Researchers Unveil Alarming Vulnerabilities!

  • Hackers exploit Microsoft Copilot by leveraging vulnerabilities in the AI tool, which can be used for malicious purposes, as demonstrated by security researcher Michael Bargury at the Black Hat USA conference.
  • Bargury highlighted methods attackers could use to install backdoors and facilitate data theft through Copilot plugins, enabling AI-driven social engineering attacks.
  • The manipulation of Copilot’s behavior via prompt injections allows hackers to alter AI responses to extract sensitive information while bypassing traditional security measures.
  • The introduction of the red-teaming tool “LOLCopilot” aims to help ethical hackers simulate attacks and understand the threats posed by Copilot, revealing insufficient default security settings.
  • Organizations are urged to implement robust security practices, educate employees on AI risks, and establish incident response protocols to mitigate the potential exploitation of AI technologies.
Summarized Article:

https://cybersecuritynews.com/hackers-can-exploit-microsoft-copilot/

Cybersecurity

Security Bugs in Ransomware Leaks: How Vulnerabilities Helped Six Companies Dodge Hefty Ransom Payments!

  • Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms by exposing vulnerabilities in the web infrastructure used by ransomware gangs.
  • Two companies received decryption keys that allowed them to recover their data without paying, while four crypto firms were warned before their files were encrypted.
  • Security researcher Vangelis Stykas identified flaws in the operations of ransomware groups, including default passwords and exposed API endpoints.
  • The vulnerabilities allowed Stykas to access information about the gangs and their victims, revealing potential real-world server locations.
  • The research highlights that ransomware gangs are susceptible to basic security issues, suggesting a potential avenue for law enforcement to combat cybercrime.
Summarized Article:

https://techcrunch.com/2024/08/08/security-bugs-in-ransomware-leak-sites-helped-save-six-companies-from-paying-hefty-ransoms/

18-Year-Old Browser Vulnerability Exposes Major Security Flaw
Cybersecurity

18-Year-Old Browser Vulnerability Unleashes Chaos on MacOS and Linux Devices!

  • The 18-Year-Old Browser Vulnerability affects major web browsers on MacOS and Linux, allowing malicious websites to exploit local network services.
  • This critical flaw arises from inconsistent security implementations across browsers, enabling attackers to access sensitive services via the IP address 0.0.0.0.
  • The vulnerability, present since 2006, does not impact Windows devices as Microsoft blocks the problematic IP address at the OS level.
  • Public websites with “.com” domains can communicate with local services using 0.0.0.0, bypassing Private Network Access protections and potentially leading to remote code execution.
  • In response to these findings, web browsers are expected to block access to 0.0.0.0 by April 2024 to prevent unauthorized access to private network endpoints.
Summarized Article:

https://thehackernews.com/2024/08/0000-day-18-year-old-browser.html

macOS 15 security exploit fix addresses 18-year-old vulnerability.
Cybersecurity

macOS 15 Security Exploit Fix: A Game-Changer in Protecting Your Internal Networks from Hackers!

  • macOS 15 security exploit fix will address an 18-year-old vulnerability that allows hackers to access internal networks through web browser queries to a 0.0.0.0 IP address.
  • Hackers exploit the way browsers like Safari, Chrome, and Firefox handle these queries, redirecting them to internal servers and collecting sensitive data.
  • The exploit enables unauthorized access to developer code and internal communications, posing significant risks to companies.
  • Apple plans to block access attempts to 0.0.0.0 in the macOS Sequoia beta, while Google aims to implement similar protections in future Chrome updates.
  • Mozilla has not yet provided a solution, expressing concerns about potential compatibility issues with their browser.
Summarized Article:

https://9to5mac.com/2024/08/07/macos-sequoia-to-fix-exploit-that-lets-hackers-access-internal-networks/

Disable Gatekeeper macOS 15: New security measures implemented.
Cybersecurity

Disable Gatekeeper: macOS 15 Sequoia Introduces New Challenges for App Security Settings!

  • To disable Gatekeeper in macOS 15 Sequoia, users must navigate through System Settings > Privacy & Security instead of using the previous Control-click method.
  • The change aims to enhance security by encouraging developers to sign and notarize their software, ensuring it is free from malicious content.
  • Users will now have to follow a more cumbersome process to open unsigned apps, which could be seen as a minor inconvenience.
  • While the change may not significantly disrupt users, it may reignite concerns about Apple’s increasing control over macOS, similar to iOS and iPadOS.
  • The macOS 15 Sequoia update is currently in beta, with a public release expected in the fall, alongside features from an early 15.1 update.
Summarized Article:

https://arstechnica.com/gadgets/2024/08/macos-15-sequoia-makes-you-jump-through-more-hoops-to-disable-gatekeeper-app-checks/

Samsung security flaw rewards reach up to $1 million.
Cybersecurity

Samsung Security Flaw Rewards: Earn Up to $1 Million for Uncovering Vulnerabilities in Its Software!

  • Samsung security flaw rewards include up to $1 million for discovering vulnerabilities in its software across mobile devices.
  • The company has launched the ‘Important Scenario Vulnerability Program (ISVP)’ to incentivize bug hunting related to device unlocking and data protection.
  • Rewards vary significantly, with local arbitrary execution flaws earning around $300,000 and remote code execution (RCE) fetching up to $1 million.
  • Samsung has previously paid out over $4.9 million in total since 2017 through various bug bounty programs, with $827,925 distributed in 2023 alone.
  • Participants must ensure that vulnerabilities are buildable exploits that consistently work on Samsung’s main devices with the latest security updates.
Summarized Article:

https://www.techradar.com/pro/samsung-is-offering-up-to-dollar1-million-to-anyone-who-can-find-security-flaws-in-its-software

Bad apps bypass Windows alerts
Cybersecurity

Bad apps bypass Windows alerts for six years, exploiting LNK files to evade detection!

  • Bad apps have bypassed Windows alerts for six years using methods like “LNK Stomping,” which exploits a bug in Windows shortcut files to nullify the Mark of the Web (MotW).
  • This technique allows malicious apps to evade detection by Windows SmartScreen and Smart App Control (SAC) by manipulating target paths in LNK files.
  • Elastic Security Labs reported that many samples exhibiting this bug have been found in the wild, with the oldest dating back over six years, and they have engaged Microsoft about potential fixes.
  • Other bypass techniques include Reputation Hijacking, Reputation Seeding, and Reputation Tampering, which exploit existing trusted applications or manipulate code to maintain benign appearances while executing malicious actions.
  • Security professionals are advised to adjust their detection strategies to cover the gaps in SmartScreen and SAC until a patch for the LNK bug is available.
Summarized Article:

https://www.theregister.com/2024/08/06/bad_apps_bypass_windows_security/

Windows SmartScreen security issues allow malware bypasses.
Cybersecurity

Windows SmartScreen Security Issues Exposed: A Long-Standing Compromise Unveiled!

  • Windows SmartScreen security issues have persisted for over six years, allowing malicious apps to bypass security checks easily.
  • Recent research by Elastic Security Labs revealed multiple methods, including “LNK stomping,” that hackers can use to circumvent SmartScreen protections.
  • Techniques such as creating invalid code signatures or manipulating executable paths enable malicious software to run undetected.
  • Additional bypass methods identified include reputation hijacking, seeding, and tampering, further compromising the effectiveness of SmartScreen.
  • Despite these vulnerabilities, Microsoft has historically responded to such threats, as seen with updates aimed at strengthening the system.
Summarized Article:

https://www.pcworld.com/article/2419728/windows-smartscreen-security-has-been-compromised-for-years.html

Fake Google Authenticator malware spreads via ads.
Cybersecurity

Fake Google Authenticator Malware: A Deceptive App Spreading Threats Instead of Security!

  • Fake Google Authenticator malware is being spread through a malicious campaign that uses a legitimate Google ad to mislead victims into downloading info-stealer malware.
  • Security researchers have identified that the fake ad appears as the “official website” for Google Authenticator, falsely claiming to be verified by a non-existent account.
  • Victims clicking on the ad are redirected through multiple domains before landing on a fake site that hosts the malware disguised as Authenticator.exe.
  • The malware, known as DeerStealer, is designed to exfiltrate sensitive data and is hosted on a GitHub repository with a valid signature to appear legitimate.
  • Experts advise against clicking on ads for software downloads and recommend visiting official repositories directly to avoid such scams.
Summarized Article:

https://www.cyberdaily.au/security/10910-fake-google-authenticator-app-spreads-malware-not-authentication

Deepfake porn site reporting requires mass victim action.
Cybersecurity

Deepfake Porn Site Reporting: Google Demands Mass Victim Complaints to Tackle Top Offending Sites!

  • Google won’t downrank top deepfake porn sites unless victims mass report, despite announcing measures to combat non-consensual explicit deepfakes in search results.
  • The search engine has made it easier for victims, primarily women, to report and remove harmful content and aims to filter explicit results related to them.
  • Google claims its efforts have reduced exposure to explicit deepfake images by over 70% for searches including individuals’ names, but general searches still lead to problematic links.
  • There is uncertainty about what constitutes a “high volume” of removals for downranking sites like Fan-Topia or MrDeepFakes, and Google is currently focused on individual name queries.
  • Victims express frustration over the ongoing nature of the issue, with calls for federal legislation to criminalize deepfake creation, as state laws have proven ineffective in preventing the spread of harmful content.
Summarized Article:

https://arstechnica.com/tech-policy/2024/07/google-starts-broadly-removing-explicit-deepfakes-from-search-results/

Cybersecurity

Combat Nonconsensual Deepfakes: Google Unveils Bold New Measures to Tackle Explicit Image Abuse

  • Google announces new measures to combat nonconsensual sexually explicit deepfakes, aiming to assist victims and reduce the visibility of such content in search results.
  • The search engine will derank websites that frequently host deepfakes and filter explicit content from search results after victims request removal through an online form.
  • Generative AI tools have contributed to a surge in nonconsensual deepfakes, affecting women and girls, particularly public figures and students in schools.
  • Google plans to prioritize relevant news articles over deepfake content in search results to inform users about the societal impacts of deepfakes.
  • The announcement follows pressure from lawmakers, including a recent federal bill that would allow victims to sue perpetrators of nonconsensual deepfakes.
Summarized Article:

https://www.nbcnews.com/tech/tech-news/google-announces-news-steps-combat-sexually-explicit-deepfakes-rcna164560

Malware family Google Play: Mandrake resurfaces
Cybersecurity

“Malware family Google Play: Uncovering the Decades-Long Mystery of Hidden Threats”

  • Malware family Google Play: Mandrake malware resurfaces in Google Play after years of hiding
  • Mandrake family of malware discovered in various types of apps in Google Play
  • Mandrake malware found to have tens of thousands of victims over a four-year period
  • Kaspersky reports reemergence of Mandrake-infected apps in Google Play in 2022
  • Mandrake spyware evolves with enhanced concealment techniques to avoid detection
Summarized Article:

https://arstechnica.com/security/2024/07/mysterious-family-of-malware-hid-in-google-play-for-years/

Apple users cyber warning: Update now
Cybersecurity

Apple users on high alert as cyber officials issue urgent warning

  • US cyber officials issue urgent warning to millions of Apple users to update their devices immediately
  • The iOS 17.6 update includes 35 security fixes to protect against hackers accessing personal data or taking control of iPhones
  • Apple instructs all 1.46 billion iPhone users to update their devices promptly
  • Security vulnerabilities in Kernel and WebKit could allow hackers to compromise iPhones
  • Users urged to update to iOS 17.6 to prevent exploitation of security flaws and protect sensitive information
Summarized Article:

https://www.dailymail.co.uk/sciencetech/article-13690077/Apple-iPhone-update-iOS-security-features.html

Android infected apps warning: Mandrake malware spreads
Cybersecurity

Android infected apps warning: 5 Apps Infect Thousands of Users

  • Thousands of Android users installed 5 infected apps containing Mandrake malware
  • Kaspersky researchers discovered new version of Mandrake spyware in Google Play store
  • Mandrake malware upgraded with obfuscation to bypass Google Play checks
  • Malware used to steal user credentials and download malicious applications
  • Google Play Protect can help protect devices from such threats
Summarized Article:

https://bgr.com/tech/thousands-of-android-users-installed-these-5-infected-apps/

Mandrake Android spyware 2022: New Threat Uncovered
Cybersecurity

Mandrake Android spyware 2022 discovered lurking in apps on Google Play

  • A new version of the Mandrake Android spyware has been discovered in apps on Google Play since 2022
  • The spyware, identified by Kaspersky, hides its initial stage in a native library, ‘libopencv_dnn.so,’ heavily obfuscated using OLLVM
  • Mandrake spyware can perform malicious activities such as data collection, screen recording, and command execution
  • The malware uses session-based installation to bypass Android restrictions, requests background running permissions, and hides its icon on the victim’s device
  • Google Play Protect is continuously improving to combat such threats, automatically protecting Android users from known versions of the Mandrake malware
Summarized Article:

https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/

Windows passwords disappear Google: Chaos in tech
Cybersecurity

Windows passwords disappear: Google causes chaos for millions of users

  • 15 million Windows users experienced an 18-hour password disappearance due to a Google bug
  • The CrowdStrike bug and Google’s chaos caused disruptions in the tech industry
  • Google Password Manager issue affected Windows users on Chrome M127
  • Workaround for issue involved launching browser with a command line flag
  • Google apologized for the inconvenience and fixed the problem, suggesting users diversify password managers
Summarized Article:

https://www.windowscentral.com/software-apps/windows-11/passwords-disappear-for-millions-of-windows-users-thanks-to-google

Google Workspace security flaw allowed hackers access.
Cybersecurity

Google Workspace security flaw leaves thousands of accounts vulnerable to hackers

  • Google Workspace security flaw exposed accounts to hackers, allowing bypass of email verification
  • Hackers could create Google Workspace accounts without proper verification, leading to potential access to third-party services
  • Google identified the issue impacting “a few thousand” accounts in late June, fixed within 72 hours
  • Lack of transparency from Google regarding the timeline and extent of the security flaw raises concerns
  • Users on platforms like Hacker News and Krebs on Security shared experiences of the issue dating back more than a month
Summarized Article:

https://www.neowin.net/news/google-workspace-security-flaw-exposed-thousands-of-accounts-to-hackers/

Avoid text message passwords for enhanced security
Cybersecurity

Avoid Text Message Passwords: Here’s Why You Should Steer Clear of One-Time Passwords Sent by Text

  • Avoid using text message passwords for online security
  • One-time passwords sent via SMS are vulnerable to various attacks like phishing and interception
  • Authenticator apps like Google Authenticator offer a safer alternative to SMS passwords
  • Hardware security keys like Yubico provide even stronger security, though at a cost
  • Passkeys, which replace passwords, offer enhanced security against phishing attacks
Summarized Article:

https://www.cnbc.com/2024/07/27/why-you-should-avoid-one-time-passwords-text.html